By Leon Ward, for Director Product Management for Sourcefire
Vince Cable this week warned of the vulnerability of Britain’s essential services to a cyber attack and called for better IT security, but exactly how serious is the threat?
The startling reality is that your business has already been attacked. Cisco’s Annual Security Report 2014 revealed that 100 per cent of corporate networks studied showed signs of malicious traffic. It is a cold, hard statistic that highlights what the cyber security industry has known for some time: it is no longer a question of if you get attacked but when and for how long.
Many of the recent high-profile attacks on some of the world’s biggest businesses show just how long they have been going on and how much data has been lost. To steal millions of identities takes time and shows that the security teams in those businesses were probably unable to spot the data being extracted. The 2013 Verizon Data Breach Investigations Report revealed 66 per cent of organisations failed to identify breaches for months or years after they were compromised. Clearly cybercriminals are in it for the long haul. Not only that, they are professionals, well resourced, and will invest time and energy in finding a crack in defences and carrying out their attack silently across the corporate network.
The problem for today’s businesses is that everything is connected, which of course brings huge benefits to us all at home and at work, but it also presents huge opportunities for the hackers. The cybercriminal knows that if they can get in via an employee’s personal iPad, the SCADA control system or even a third party supplier’s network, they will be able to infiltrate business networks.
Furthermore, most traditional cyber security solutions assert they will stop attackers getting into the network in the first place, but while firewalls and antivirus are essential to stop the broad-based attacks, they will not stop them all. The advanced malware and threats most businesses face will find a way through. So, as well as protecting the boundaries of the network, the business needs to have the ability to continually monitor its network and spot abnormalities in software applications operating in an unexpected fashion. Only by addressing the complete attack continuum – before, during and after – does the business have a chance of stopping an attack before too much damage is done.
The findings of the Cisco report highlight the need for security professionals to change their mindset by looking at security and networks assuming the bad guys will get in, or indeed that they are already there. Only then can they hope to deal with the inevitability facing businesses in today’s technology-driven world. The security ‘game’ has changed, and if businesses do not recognise that change, they will end up attracting attention for all the wrong reasons.